Stored Cross-Site Scripting in Responsive Blocks for WordPress by ResponsiveBlockPlugin
CVE-2024-13732

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Responsive Blocks – WordPress Gutenberg Blocks
Vendor: CVE Published:; 30 January 2025

Summary

The Responsive Blocks plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the ‘section_tag’ parameter. This vulnerability permits authenticated users with Contributor-level access and higher to inject malicious scripts into web pages. These scripts execute automatically when other users access the affected pages, potentially compromising the integrity of the site and its users.

Affected Version(s)

Responsive Blocks – WordPress Gutenberg Blocks * <= 1.9.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/responsive-blo...

https://wordpress.org/plugins/responsive-block-editor-addons

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 24, 2025

Credit

Djaidja Moundjid